Remote work is not novel. What has changed, however, is the degree of flexibility and iterations. Companies are increasingly letting employees work remotely, on site, or both, in the new hybrid model. The challenges of 2020 validated remote workers can be productive. Still, securing the business network remains a priority, no matter where employees work.
This article explores how to create a secure environment for those working fully in the office as well as those who are remote or working in a hybrid model.
In one 2020 survey of C-suite executives, the 260 senior leaders surveyed found “remote workers significantly improved their productivity since working remotely.” There were several reasons for their “increased efficiency”:
In a separate Hubstaff survey, only 15.5% of the 400 companies surveyed planned to return fully to the office. With employees wanting to continue remote work even after the pandemic ends, many businesses are holding the course. Plus, they expect remote work to increase:
What does all this mean for securing the business network? Cybersecurity protocols and policies need to take this shift into account. The stop-gap, short-term solutions for securing the business online must be revisited to support the permanency of remote and hybrid models in the post-pandemic environment.
Securing a business network has never been easy. Still, it was more straightforward in the past. All of the IT resources were onsite, accessible only within the organization's local area network (LAN). To use the LAN-based IT resources, the employee would need to be within a certain physical boundary, use approved devices, and have the right credentials for access.
A castle metaphor is a common way of thinking about it. All the IT resources are within the castle walls and protected by a moat and well-trained archers and other soldiers. Only those with the proper credentials are allowed to enter past the portcullis.
This approach worked well enough when the only way to get online was via the physical network, using a desktop computer and relying on dedicated hardware and software owned by the business.
Then came wireless networks, the cloud and remote access. This opened up the door to working from home in pajama bottoms and fluffy slippers (with a very professional looking top for Zoom calls, of course). It also opened the door to greater cyber risk.
With remote and hybrid work much more widely accepted today, business employees want to continue working the way they do onsite, wherever they are doing the job.
In the short-term, with the COVID-19 pandemic forcing companies to be flexible, this led to many organizations setting up virtual private networks (VPNs) to secure access. Think of VPN as a tunnel giving users access to a private network even when they are not directly connected.
Businesses also migrated to the cloud where they could give staff access to the same tools online, on whatever device they used, wherever they might be. Microsoft’s Remote Desktop Protocol (RDP) was a common solution to provide quick remote access. However, RDP has suffered many high-profile critical vulnerabilities. In Q3 of 2020, reports of cyberattacks on RDP had increased as much as 140%. The FBI and NSA have also both warned on the necessity of enhanced security to safely use RDP.
The problem? Every user and each of their devices is a new point of access to the business IT resources. That’s a lot more endpoints to secure against cyberattack. As Gartner put it, the current cybersecurity model relies on “excessive implicit trust.” What’s needed instead is “explicit identity-based trust.” That’s also known as Zero Trust Network Access (ZTNA).
Even now, as businesses are bringing people back into the office, the added complications remain a concern. After all, many employees are intending to work remotely a few days each week still. Others hope to #WFH permanently. That means businesses of all sizes need a long-term, secure strategy to protect the on-premise network and keep remote and hybrid networking safe.
Zero Trust is a multi-faceted approach to cybersecurity. It involves strategies such as:
Of course, these cybersecurity efforts must allow the employee to continue to do their job, and not undercut the productivity and efficiency advantages of enabling remote or hybrid communication and collaboration.
Businesses need a solution that provides the necessary protections without adding friction to the user experience.
At the same time, though, remote users complicate cybersecurity. A business has to count on the individual to patch and update devices, software systems and applications. Plus, the worker may have a vulnerable personal ecosystem especially compared to a managed onsite network. Working remotely could also make employees more susceptible to social engineering or the careless mistakes that put an organization at risk.
Updating cybersecurity policies and training employees in digital security is important. However, these approaches on their own are not sufficient to protect a business network in this environment. At Calyptix, we recommend businesses create a Zero Trust Network Access environment. This requires verification of all attempts to access networks, systems, or data, regardless of whether they’re coming from inside or outside of the traditional firewall.
Managing cybersecurity risk is an ongoing process. Attack methods are always evolving, and remote and hybrid work present new risks.
The Calyptix Gatekeeper solution is an enhanced alternative to VPN that offers two-factor authentication to secure remote access. This secure and convenient feature of our AccessEnforcer offering provides identity access by authenticating users name and password as well as an account-specific One-Time Verification Code to access a remote network established by the business.
Unlike VPN, which generally provides users excessive access and trust (without complicated network configuration rules), Gatekeeper delivers least privileges access by design. The Administrator must define one or more rules to permit the user access to specified internal resources, such as a work station, server, camera, NAS device or other system. Those rules then allow Gatekeeper to activate one-time, source-specific transient firewall rules on demand only for the authenticated users. This design completely eliminates any exposure to the outside world of the internal systems whether it’s a windows desktop, server, camera, NAS device or other system.
For an added layer of protection, AccessEnforcer 5.0 also features Geo Fence to allow or block inbound traffic based on the designated country of origin for the source IP address.
Securing the business network for today and the future takes work. With the right solution, businesses can continue to offer remote and hybrid work options to employees without sacrificing cyber security.
